Classification: Public 1
Welcome
to the SBA Live Academy
#bleibdaheim #remotelearning
Today: Physical Attacks against (I)IoT-Devices, Embedded
Devices, Microcontrollers and System on Chips (SoC)
by Christian Kudera
You are automatically muted on entry; please use the chat to interact with us.
This talk will be recorded as soon as the presentation starts!
Recording will end BEFORE the Q&A Session starts.
Classification: Public 2
Physical Attacks against (I)IoT-Devices,
Embedded Devices, Microcontrollers and
System on Chips (SoC)
Christian Kudera
SBA Research gGmbH, 2020
Classification: Public 3
Acknowledgement
• Presentation partially based on slides
from Markus Kammerstetter
(Trustworks GmbH)
o https://www.trustworks.at/
Classification: Public 4
Hardware Security
Fundamentals
Classification: Public 5
Newer Designs
Classification: Public 6
Integrated Circuit (IC): Die
Classification: Public 7
IC Structure
Classification: Public 8
Mechanical Invasiveness
• Non-invasive
o It is not necessary to open the chip
• Semi-invasive
o The chip has to be decapsulated, so that the die is visible
o Passivation layer stays intact
• Invasive
o The chip is fully decapsulated
o Passivation layer is (partially) removed
o Physical contact to chip signals possible
Costs
Classification: Public 9
Hardware Security
Non-Invasive Attacks
Classification: Public 10
A bad password check
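    #include <stdbool.h>
    #include <stddef.h>

    extern const char stored_passwd[];  /* reference password, defined elsewhere */
    extern const size_t pass_len;       /* its length in bytes */

    /* Returns at the first mismatching byte. */
    bool check_password(const char *passwd)
    {
        for (size_t i = 0; i < pass_len; i++)
        {
            if (passwd[i] != stored_passwd[i])
                return false;
        }
        return true;
    }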
Terminates as soon as
a byte is wrong
Based on timing information, it is easy to guess the password
Classification: Public 12
A better password check
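    #include <stdbool.h>
    #include <stddef.h>

    extern const char stored_passwd[];  /* reference password, defined elsewhere */
    extern const size_t pass_len;       /* its length in bytes */

    bool check_password(const char *passwd) {
        int err = 0;
        for (size_t i = 0; i < pass_len; i++)
        {
            /* accumulate differences; no early return inside the loop */
            err |= passwd[i] ^ stored_passwd[i];
        }
        if (err != 0)
            return false;
        return true;
    }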
Constant time
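Added example (not part of the original slides): a regression check that tells the two password checks above apart. It counts byte comparisons as a deterministic stand-in for execution time; the names check_early_exit, check_constant_time, work_for_prefix and leaks_prefix_length and the 8-byte sample secret are assumptions made for this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

#define PASS_LEN 8
/* Constructed sample secret, not taken from the slides. */
static const unsigned char stored_passwd[PASS_LEN] =
    { 'S', '3', 'c', 'r', '3', 't', '!', '!' };

static size_t work;  /* byte comparisons done by the most recent check */

/* The "bad" check from the slides, instrumented with a counter. */
bool check_early_exit(const unsigned char *passwd)
{
    work = 0;
    for (size_t i = 0; i < PASS_LEN; i++) {
        work++;
        if (passwd[i] != stored_passwd[i])
            return false;
    }
    return true;
}

/* The "better" check from the slides, instrumented the same way. */
bool check_constant_time(const unsigned char *passwd)
{
    unsigned char err = 0;
    work = 0;
    for (size_t i = 0; i < PASS_LEN; i++) {
        work++;
        err |= (unsigned char)(passwd[i] ^ stored_passwd[i]);
    }
    return err == 0;
}

typedef bool (*check_fn)(const unsigned char *);

/* Work done for a guess whose first `prefix` bytes are correct and whose
 * remaining bytes are all wrong. */
size_t work_for_prefix(check_fn check, size_t prefix)
{
    unsigned char guess[PASS_LEN];
    for (size_t i = 0; i < PASS_LEN; i++)
        guess[i] = (i < prefix) ? stored_passwd[i]
                                : (unsigned char)(stored_passwd[i] ^ 0xFF);
    check(guess);
    return work;
}

/* True if the amount of work depends on how many leading bytes matched,
 * i.e. the check leaks the length of the correct prefix. */
bool leaks_prefix_length(check_fn check)
{
    size_t baseline = work_for_prefix(check, 0);
    for (size_t prefix = 1; prefix <= PASS_LEN; prefix++)
        if (work_for_prefix(check, prefix) != baseline)
            return true;
    return false;
}

int main(void)
{
    printf("prefix  early-exit  constant-time\n");
    for (size_t prefix = 0; prefix <= PASS_LEN; prefix++)
        printf("%6zu  %10zu  %13zu\n", prefix,
               work_for_prefix(check_early_exit, prefix),
               work_for_prefix(check_constant_time, prefix));
    printf("early-exit leaks:    %d\n", leaks_prefix_length(check_early_exit));
    printf("constant-time leaks: %d\n", leaks_prefix_length(check_constant_time));
    return 0;
}
```

The counter models the source code only; an optimizing compiler may reshape the loop, so the compiled check still has to be measured on the target device.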
Classification: Public 13
Simple Power Analysis
• The power consumption of a processor depends on
the instruction executed
• Security analyst / attacker closely monitors the power
consumption during clock cycles (i.e. time domain)
• For a given instruction, the power consumption also
depends on the data processed
Classification: Public 14
Simple Power Analysis
Classification: Public 15
Vulnerable RSA exponentiation
• Example:
• Using SPA, it’s possible to completely recover the
RSA secret key during the exponentiation of large
integers!
[Cryptography Research, Inc.]
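Added example (not part of the original slides): why a plain square-and-multiply exponentiation is exposed to SPA, next to a balanced variant. The operation log stands in for the power trace; the Montgomery ladder is a standard balancing technique chosen for this example, not one named on the slides, and the toy values n = 3233, e = 17, d = 2753 and all function names are constructed assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TRACE_MAX 64
static char trace[TRACE_MAX];  /* operation log: 'S' = square, 'M' = multiply */
static size_t trace_len;

/* Modular multiply that records which kind of operation ran. */
static uint32_t mulmod(uint32_t a, uint32_t b, uint32_t n, char op)
{
    if (trace_len < TRACE_MAX - 1)
        trace[trace_len++] = op;
    trace[trace_len] = '\0';
    return (uint32_t)(((uint64_t)a * b) % n);
}

static void trace_reset(void) { trace_len = 0; trace[0] = '\0'; }

/* Vulnerable: a multiply happens only for 1-bits of the exponent, so the
 * sequence of operations mirrors the key bits. */
uint32_t modexp_sqmul(uint32_t base, uint32_t exp, unsigned bits, uint32_t n)
{
    uint32_t r = 1 % n;
    trace_reset();
    for (int i = (int)bits - 1; i >= 0; i--) {
        r = mulmod(r, r, n, 'S');
        if ((exp >> i) & 1)
            r = mulmod(r, base, n, 'M');
    }
    return r;
}

/* Branch-free conditional swap: swaps *a and *b when bit == 1. */
static void cswap(uint32_t *a, uint32_t *b, uint32_t bit)
{
    uint32_t mask = (uint32_t)0 - bit;  /* all ones if bit == 1 */
    uint32_t t = (*a ^ *b) & mask;
    *a ^= t;
    *b ^= t;
}

/* Balanced: Montgomery ladder, one multiply and one square per key bit
 * regardless of the bit's value. */
uint32_t modexp_ladder(uint32_t base, uint32_t exp, unsigned bits, uint32_t n)
{
    uint32_t r0 = 1 % n, r1 = base % n;
    trace_reset();
    for (int i = (int)bits - 1; i >= 0; i--) {
        uint32_t bit = (exp >> i) & 1;
        cswap(&r0, &r1, bit);
        r1 = mulmod(r0, r1, n, 'M');
        r0 = mulmod(r0, r0, n, 'S');
        cswap(&r0, &r1, bit);
    }
    return r0;
}

typedef uint32_t (*modexp_fn)(uint32_t, uint32_t, unsigned, uint32_t);

/* Returns 1 if two different exponents produce different operation logs. */
int trace_depends_on_exponent(modexp_fn f, uint32_t e1, uint32_t e2, unsigned bits)
{
    char first[TRACE_MAX];
    f(2, e1, bits, 3233);
    strcpy(first, trace);
    f(2, e2, bits, 3233);
    return strcmp(first, trace) != 0;
}

int main(void)
{
    uint32_t c = modexp_sqmul(65, 17, 5, 3233);   /* encrypt message 65 */
    uint32_t m = modexp_sqmul(c, 2753, 12, 3233); /* decrypt with d */
    printf("square-and-multiply: m=%u trace=%s\n", (unsigned)m, trace);
    m = modexp_ladder(c, 2753, 12, 3233);
    printf("montgomery ladder:   m=%u trace=%s\n", (unsigned)m, trace);
    return 0;
}
```

A uniform operation sequence removes only this one leak; operand-dependent power differences remain, which is where the masking and noise countermeasures listed on the next slide come in.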
Classification: Public 16
Side Channel Countermeasures
• Use secure components (e.g. microcontroller
with implemented countermeasures)
• Leakage reduction (e.g. through balancing)
• Noise introduction
• Masking (e.g. through insertion of random
dummy cycles)
• Obfuscation
Classification: Public 17
Clock Glitching
• For a short time, the IC receives a clock pulse that is too
fast for the IC to fully process:
• Some of the IC operations will work as intended (e.g.
increase program counter), others will not finish and get
interrupted
• Can be used to skip code (e.g. conditional jump in
password check)
Classification: Public 18
Voltage Glitching
Classification: Public 19
Practical Example
• Bozzato, Claudio, Riccardo Focardi, and Francesco
Palmarini. "Shaping the Glitch: Optimizing Voltage Fault
Injection Attacks." IACR Transactions on Cryptographic
Hardware and Embedded Systems (2019)
• Firmware extraction via fault injection
o STMicroelectronics: STM32 F1, STM32 F3
o Texas Instruments: MSP430 F5xx
o Renesas Electronics: 78K family (e.g. 78K0/Kx2)
Classification: Public 20
Fault Injection Countermeasures
• Use secure components (e.g. microcontroller
with implemented countermeasures)
• Environmental sensors
• Tamper sensors
• Internal filtering
• Shielding
Classification: Public 21
Cold Boot Stepping
• Obermaier, Johannes, and Stefan Tatschner. "Shedding too
much light on a microcontroller's firmware protection."
11th USENIX Workshop on Offensive Technologies (WOOT
17). 2017
• Analysis of the STMicroelectronics STM32 F0 security
concept
Classification: Public 22
Hardware Security
Semi-Invasive Attacks & Invasive Attacks
Classification: Public 23
Wet Chemical Decapsulation
• Epoxy package is very resistant
• Epoxy can be dissolved in
concentrated, heated acids
(usually fuming HNO3, H2SO4 or
a combination thereof)
• Bonding wires, pads and passivation
layer stay intact; copper wires can be an issue
• Easy to conduct, but safety equipment is necessary
Classification: Public 24
Wet Chemical Decapsulation
1 – Carefully mill a cavity
Classification: Public 25
Wet Chemical Decapsulation
2 – Carefully apply
nitric acid (HNO3) /
sulfuric acid (H2SO4) on
hot plate
Safety equipment &
fume hood
Classification: Public 26
Wet Chemical Decapsulation
3 – Rinse in Acetone
Classification: Public 27
Wet Chemical Decapsulation
4 – Repeat etch & rinse
until die fully exposed
Classification: Public 28
Wet Chemical Decapsulation
5 – Clean in Acetone in
ultrasonic cleaner to
remove remaining
residue
Classification: Public 29
Wet Chemical Decapsulation
6 – Chip ready for further
analysis and/or attack
Chip is still functional
Classification: Public 30
Optical Microscopy
Classification: Public 31
Scanning Electron Microscope
Classification: Public 32
Plasma Deprocessing
• Principle of plasma etching already
covered (i.e., plasma decapsulation)
• Advantages:
o Very clean results
o Strong selectivity
o Passivation removal
• Disadvantages:
o Metal etching requires highly toxic chlorine-based
gases
o Formation of “RIE grass”
Classification: Public 33
Polishing
• Use slurry with silica crystals
for polishing
• Die is mounted with special wax
• Alignment is key to get planar polishing
results
• Disadvantages:
o Uneven results
o Material-dependent
removal rates
Classification: Public 34
Example: Metal Layer Removal
Top metal layer
Below interconnect layer exposed
Classification: Public 35
Example: Via Imaging
Classification: Public 36
Automated Gate Recognition
• Using pattern recognition, security analyst / attacker can
identify the standard cells and how they are interconnected
• It’s possible to reconstruct the implemented logic
Classification: Public 37
Focused Ion Beam (FIB)
Classification: Public 38
Summary & Takeaway
• Physical attacks are a serious threat to IoT
and embedded devices
o Know the risks and consider them in a threat
analysis
• Use secure components if necessary
o Be aware that an attacker may still be able to
extract the firmware or particular secrets
Classification: Public 39
Professional Services
Penetration Testing
Architecture Reviews
Security Audit
Security Trainings
Incident Response Readiness
ISMS & ISO 27001 Consulting
Bridging Science and Industry
Applied Research
Industrial Security | IIoT Security |
Mathematics for Security Research |
Machine Learning | Blockchain | Network
Security | Sustainable Software Systems |
Usable Security
SBA Research
Knowledge Transfer
SBA Live Academy | sec4dev | Trainings |
Events | Teaching | sbaPRIME
Contact us: anfragen@sba-research.org
Classification: Public 40
#bleibdaheim #remotelearning
Coming up @ SBA Live Academy
05.05.2020, 13:00, live:
"Threat Modeling 101 – a short
but practical
introduction"
by Daniel Schwarz
Join our MeetUp Group!
https://www.meetup.com/Security-Meetup-by-SBA-Research/
Classification: Public 41
Christian Kudera
SBA Research gGmbH
Floragasse 7, 1040 Vienna
ckudera@sba-research.org
SBA Research gGmbH, 2019

SBA Live Academy - After the overflow: self-defense techniques (Linux Kernel)...SBA Live Academy - After the overflow: self-defense techniques (Linux Kernel)...
SBA Live Academy - After the overflow: self-defense techniques (Linux Kernel)...
 
SBA Live Academy - Passwords: Policy and Storage with NIST SP800-63b by Jim M...
SBA Live Academy - Passwords: Policy and Storage with NIST SP800-63b by Jim M...SBA Live Academy - Passwords: Policy and Storage with NIST SP800-63b by Jim M...
SBA Live Academy - Passwords: Policy and Storage with NIST SP800-63b by Jim M...
 
SBA Live Academy - Threat Modeling 101 – eine kurze aber praxisnahe Einführun...
SBA Live Academy - Threat Modeling 101 – eine kurze aber praxisnahe Einführun...SBA Live Academy - Threat Modeling 101 – eine kurze aber praxisnahe Einführun...
SBA Live Academy - Threat Modeling 101 – eine kurze aber praxisnahe Einführun...
 
SBA Live Academy - Angriffe gegen das Stromnetz – Wenn der Strom nicht mehr a...
SBA Live Academy - Angriffe gegen das Stromnetz – Wenn der Strom nicht mehr a...SBA Live Academy - Angriffe gegen das Stromnetz – Wenn der Strom nicht mehr a...
SBA Live Academy - Angriffe gegen das Stromnetz – Wenn der Strom nicht mehr a...
 
SBA Live Academy: Cyber Resilience - Failure is not an option by Simon Tjoa
SBA Live Academy: Cyber Resilience - Failure is not an option by Simon TjoaSBA Live Academy: Cyber Resilience - Failure is not an option by Simon Tjoa
SBA Live Academy: Cyber Resilience - Failure is not an option by Simon Tjoa
 
SBA Live Academy: Datenschutz Teil 1: Wozu Datenschutzgesetze? by Gerald Sendera
SBA Live Academy: Datenschutz Teil 1: Wozu Datenschutzgesetze? by Gerald SenderaSBA Live Academy: Datenschutz Teil 1: Wozu Datenschutzgesetze? by Gerald Sendera
SBA Live Academy: Datenschutz Teil 1: Wozu Datenschutzgesetze? by Gerald Sendera
 
SBA Live Academy: Remote Access – Top Security Challenges – Teil 2 by Günther...
SBA Live Academy: Remote Access – Top Security Challenges – Teil 2 by Günther...SBA Live Academy: Remote Access – Top Security Challenges – Teil 2 by Günther...
SBA Live Academy: Remote Access – Top Security Challenges – Teil 2 by Günther...
 
SBA Live Academy, Supply Chain & Cyber Security in einem Atemzug by Stefan Ja...
SBA Live Academy, Supply Chain & Cyber Security in einem Atemzug by Stefan Ja...SBA Live Academy, Supply Chain & Cyber Security in einem Atemzug by Stefan Ja...
SBA Live Academy, Supply Chain & Cyber Security in einem Atemzug by Stefan Ja...
 

Recently uploaded

Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptxSecstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
nkrafacyberclub
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Albert Hoitingh
 
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionGenerative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Aggregage
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
Alan Dix
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
Kari Kakkonen
 
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdfSAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
Peter Spielvogel
 
20240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 202420240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 2024
Matthew Sinclair
 
Microsoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdfMicrosoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdf
Uni Systems S.M.S.A.
 
Video Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the FutureVideo Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the Future
Alpen-Adria-Universität
 
Essentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FMEEssentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FME
Safe Software
 
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Nexer Digital
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance
 
PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)
Ralf Eggert
 
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
BookNet Canada
 
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfObservability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Paige Cruz
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
James Anderson
 
A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...
sonjaschweigert1
 
Free Complete Python - A step towards Data Science
Free Complete Python - A step towards Data ScienceFree Complete Python - A step towards Data Science
Free Complete Python - A step towards Data Science
RinaMondal9
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance
 

Recently uploaded (20)

Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptxSecstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
 
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionGenerative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to Production
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
 
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdfSAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
 
20240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 202420240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 2024
 
Microsoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdfMicrosoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdf
 
Video Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the FutureVideo Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the Future
 
Essentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FMEEssentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FME
 
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
 
PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)
 
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
 
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfObservability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
 
A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...
 
Free Complete Python - A step towards Data Science
Free Complete Python - A step towards Data ScienceFree Complete Python - A step towards Data Science
Free Complete Python - A step towards Data Science
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
 

SBA Live Academy - Physical Attacks against (I)IoT-Devices, Embedded Devices, Microcontrollers and System on Chips (SoC) by Christian Kudera

  • 1. Classification: Public. Welcome to the SBA Live Academy #bleibdaheim #remotelearning Today: Physical Attacks against (I)IoT-Devices, Embedded Devices, Microcontrollers and System on Chips (SoC) by Christian Kudera. You are automatically muted on entry; please use the chat to interact with us. This talk will be recorded as soon as the presentation starts! Recording will end BEFORE the Q&A Session starts.
  • 2. Physical Attacks against (I)IoT-Devices, Embedded Devices, Microcontrollers and System on Chips (SoC), Christian Kudera, SBA Research gGmbH, 2020
  • 3. Acknowledgement
      • Presentation partially based on slides from Markus Kammerstetter (Trustworks GmbH)
          o https://www.trustworks.at/
  • 4. Hardware Security Fundamentals
  • 5. Newer Designs
  • 6. Integrated Circuit (IC): Die
  • 8. Mechanical Invasiveness
      • Non-invasive
          o It is not necessary to open the chip
      • Semi-invasive
          o The chip has to be decapsulated, so that the die is visible
          o Passivation layer stays intact
      • Invasive
          o The chip is fully decapsulated
          o Passivation layer is (partially) removed
          o Physical contact to chip signals possible
      Costs
  • 9. Hardware Security: Non-Invasive Attacks
  • 10. A bad password check
        bool check_password(char *passwd)
        {
            for (int i=0; i<pass_len; i++)
            {
                if (passwd[i] != stored_passwd[i])
                    return false;
            }
            return true;
        }
  • 11. A bad password check
        bool check_password(char *passwd)
        {
            for (int i=0; i<pass_len; i++)
            {
                /* early exit: run time depends on how many leading bytes match */
                if (passwd[i] != stored_passwd[i])
                    return false;
            }
            return true;
        }
      Terminates as soon as a byte is wrong
      Based on timing information, it is easy to guess the password
  • 12. A better password check
        bool check_password(char *passwd)
        {
            int err=0;
            for (int i=0; i<pass_len; i++)
            {
                /* accumulate differences; no data-dependent branch in the loop */
                err |= passwd[i] ^ stored_passwd[i];
            }
            if (err != 0)
                return false;
            return true;
        }
      Constant time
  • 13. Simple Power Analysis
      • The power consumption of a processor depends on the instruction executed
      • Security analyst / attacker closely monitors the power consumption during clock cycles (i.e. time domain)
      • For a given instruction, the power consumption also depends on the data processed
  • 14. Simple Power Analysis
  • 15. Vulnerable RSA exponentiation
      • Example:
      • Using SPA, it’s possible to completely recover the RSA secret key during the exponentiation of large integers!
      [Cryptography Research, Inc.]
  • 16. Side Channel Countermeasures
      • Use secure components (e.g. microcontroller with implemented countermeasures)
      • Leakage reduction (e.g. through balancing)
      • Noise introduction
      • Masking (e.g. through insertion of random dummy cycles)
      • Obfuscation
  • 17. Clock Glitching
      • For a short time, the IC receives a clock pulse that is too fast for the IC to fully process:
      • Some of the IC operations will work as intended (e.g. increase program counter), others will not finish and get interrupted
      • Can be used to skip code (e.g. conditional jump in password check)
  • 18. Voltage Glitching
  • 19. Practical Example
      • Bozzato, Claudio, Riccardo Focardi, and Francesco Palmarini. "Shaping the Glitch: Optimizing Voltage Fault Injection Attacks." IACR Transactions on Cryptographic Hardware and Embedded Systems (2019)
      • Firmware extraction via fault injection
          o STMicroelectronics: STM32 F1, STM32 F3
          o Texas Instruments: MSP430 F5xx
          o Renesas Electronics: 78K family (e.g. 78K0/Kx2)
  • 20. Fault Injection Countermeasures
      • Use secure components (e.g. microcontroller with implemented countermeasures)
      • Environmental sensors
      • Tamper sensors
      • Internal filtering
      • Shielding
  • 21. Cold Boot Stepping
      • Obermaier, Johannes, and Stefan Tatschner. "Shedding too much light on a microcontroller's firmware protection." 11th USENIX Workshop on Offensive Technologies (WOOT 17). 2017
      • Analysis of the STMicroelectronics STM32 F0 security concept
  • 22. Hardware Security: Semi-Invasive Attacks & Invasive Attacks
  • 23. Wet Chemical Decapsulation
      • Epoxy package is very resistant
      • Epoxy can be dissolved in concentrated, heated acids (usually fuming HNO3, H2SO4 or a combination thereof)
      • Bonding wires, pads and passivation layer stay intact; copper wires can be an issue
      • Easy to conduct, but safety equipment necessary
  • 24. Wet Chemical Decapsulation: 1 – Carefully mill a cavity
  • 25. Wet Chemical Decapsulation: 2 – Carefully apply nitric acid (HNO3) / sulfuric acid (H2SO4) on hot plate. Safety equipment & fume hood
  • 26. Wet Chemical Decapsulation: 3 – Rinse in acetone
  • 27. Wet Chemical Decapsulation: 4 – Repeat etch & rinse until die fully exposed
  • 28. Wet Chemical Decapsulation: 5 – Clean in acetone in ultrasonic cleaner to remove remaining residue
  • 29. Wet Chemical Decapsulation: 6 – Chip ready for further analysis and/or attack. Chip is still functional
  • 30. Optical Microscopy
  • 31. Scanning Electron Microscope
  • 32. Plasma Deprocessing
      • Principle of plasma etching already covered (i.e., plasma decapsulation)
      • Advantages:
          o Very clean results
          o Strong selectivity
          o Passivation removal
      • Disadvantages:
          o Metal etching requires highly toxic chlorine-based gases
          o Formation of “RIE grass”
  • 33. Polishing
      • Use slurry with silica crystals for polishing
      • Die is mounted with special wax
      • Alignment is key to get planar polishing results
      • Disadvantages:
          o Uneven results
          o Material-dependent removal rates
  • 34. Example: Metal Layer Removal. Top metal layer. Below: interconnect layer exposed
  • 35. Example: Via Imaging
  • 36. Automated Gate Recognition
      • Using pattern recognition, a security analyst / attacker can identify the standard cells and how they are interconnected
      • It’s possible to reconstruct the implemented logic
  • 37. Focused Ion Beam (FIB)
  • 38. Summary & Takeaway
      • Physical attacks are a serious threat for the IoT and embedded devices
          o Know the risks and consider them in a threat analysis
      • Use secure components if necessary
          o Be aware that an attacker may still be able to extract the firmware or particular secrets
  • 39. SBA Research: Bridging Science and Industry
      • Professional Services: Penetration Testing, Architecture Reviews, Security Audit, Security Trainings, Incident Response Readiness, ISMS & ISO 27001 Consulting
      • Applied Research: Industrial Security | IIoT Security | Mathematics for Security Research | Machine Learning | Blockchain | Network Security | Sustainable Software Systems | Usable Security
      • Knowledge Transfer: SBA Live Academy | sec4dev | Trainings | Events | Teaching | sbaPRIME
      Contact us: anfragen@sba-research.org
  • 40. #bleibdaheim #remotelearning Coming up @ SBA Live Academy: 05.05.2020, 13:00, live: „Threat Modeling 101 – eine kurze jedoch praxisnahe Einführung“ by Daniel Schwarz. Join our MeetUp Group! https://www.meetup.com/Security-Meetup-by-SBA-Research/
  • 41. Christian Kudera, SBA Research gGmbH, Floragasse 7, 1040 Vienna, ckudera@sba-research.org. SBA Research gGmbH, 2019
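
The two password checks from slides 10 to 12, instrumented so the leak can be tested for; this is an added example, not code from the presentation. The sample secret, the `_leaky`/`_ct` function names, the fixed-length input buffer and the iteration counter (a stand-in for measured clock cycles) are assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample secret, for demonstration only. */
static const uint8_t stored_passwd[] = "S3cr3t!9";
#define PASS_LEN (sizeof stored_passwd - 1)

/* Loop iterations of the last check; a proxy for execution time on a
 * simple microcontroller without caches or branch prediction. */
static size_t iterations;

/* Early-exit comparison (the "bad" check). Input must hold PASS_LEN bytes. */
bool check_password_leaky(const uint8_t *passwd)
{
    iterations = 0;
    for (size_t i = 0; i < PASS_LEN; i++) {
        iterations++;
        if (passwd[i] != stored_passwd[i])
            return false;
    }
    return true;
}

/* Accumulating comparison (the "better" check). volatile discourages the
 * compiler from turning the loop back into an early exit. */
bool check_password_ct(const uint8_t *passwd)
{
    volatile uint8_t err = 0;
    iterations = 0;
    for (size_t i = 0; i < PASS_LEN; i++) {
        iterations++;
        err |= (uint8_t)(passwd[i] ^ stored_passwd[i]);
    }
    return err == 0;
}

/* Work done for a guess whose first `prefix` bytes are correct. */
size_t work_for_prefix(bool (*check)(const uint8_t *), size_t prefix)
{
    uint8_t guess[PASS_LEN];
    for (size_t i = 0; i < PASS_LEN; i++)
        guess[i] = (i < prefix) ? stored_passwd[i]
                                : (uint8_t)(stored_passwd[i] ^ 0xFF);
    check(guess);
    return iterations;
}

/* Max minus min work over all prefix lengths; 0 means the amount of work
 * does not depend on how much of the guess is right. */
size_t leakage_spread(bool (*check)(const uint8_t *))
{
    size_t lo = SIZE_MAX, hi = 0;
    for (size_t p = 0; p <= PASS_LEN; p++) {
        size_t w = work_for_prefix(check, p);
        if (w < lo) lo = w;
        if (w > hi) hi = w;
    }
    return hi - lo;
}

int main(void)
{
    printf("prefix  leaky  constant-time\n");
    for (size_t p = 0; p <= PASS_LEN; p++)
        printf("%6zu  %5zu  %13zu\n", p,
               work_for_prefix(check_password_leaky, p),
               work_for_prefix(check_password_ct, p));
    printf("spread: leaky=%zu constant-time=%zu\n",
           leakage_spread(check_password_leaky),
           leakage_spread(check_password_ct));
    return 0;
}
```

On a real target the same regression check is run against a cycle counter or logic-analyser capture, and the compiled output is inspected, because an optimiser can reintroduce the early exit.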
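
Why the RSA exponentiation on slide 15 leaks under Simple Power Analysis, and what a balanced implementation changes, as an added example that is not from the presentation. It models the power trace as a log of square/multiply operations; the toy key (n = 3233, e = 17, d = 2753), the function names and the Montgomery ladder as the balanced variant are assumptions chosen for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Operation log: 'S' = modular square, 'M' = modular multiply. It models
 * what SPA can tell apart in a power trace; it is not a measurement. */
typedef struct { char ops[160]; size_t n; } trace_t;

static void log_op(trace_t *t, char op)
{
    if (t && t->n + 1 < sizeof t->ops) {
        t->ops[t->n++] = op;
        t->ops[t->n] = '\0';
    }
}

/* Toy moduli only: operands must be below 2^32 so a*b fits in 64 bits. */
static uint64_t mulmod(uint64_t a, uint64_t b, uint64_t m) { return (a * b) % m; }

/* Left-to-right square-and-multiply: the multiply runs only for 1 bits,
 * so the S/M sequence mirrors the exponent bit by bit. */
uint64_t modexp_sqmul(uint64_t base, uint64_t exp, unsigned nbits,
                      uint64_t mod, trace_t *t)
{
    uint64_t r = 1 % mod;
    for (unsigned i = nbits; i-- > 0;) {
        r = mulmod(r, r, mod);
        log_op(t, 'S');
        if ((exp >> i) & 1) {
            r = mulmod(r, base % mod, mod);
            log_op(t, 'M');
        }
    }
    return r;
}

/* Montgomery ladder: one multiply and one square per bit, whatever the bit.
 * The branch still selects registers by key bit; hardened code replaces it
 * with a constant-time conditional swap. */
uint64_t modexp_ladder(uint64_t base, uint64_t exp, unsigned nbits,
                       uint64_t mod, trace_t *t)
{
    uint64_t r0 = 1 % mod, r1 = base % mod;
    for (unsigned i = nbits; i-- > 0;) {
        if ((exp >> i) & 1) {
            r0 = mulmod(r0, r1, mod);
            r1 = mulmod(r1, r1, mod);
        } else {
            r1 = mulmod(r0, r1, mod);
            r0 = mulmod(r0, r0, mod);
        }
        log_op(t, 'M');
        log_op(t, 'S');
    }
    return r0;
}

typedef uint64_t (*modexp_fn)(uint64_t, uint64_t, unsigned, uint64_t, trace_t *);

/* Operation sequence for one exponent (static buffer, not reentrant). */
const char *trace_of(modexp_fn f, uint64_t exp, unsigned nbits)
{
    static trace_t t;
    t.n = 0;
    t.ops[0] = '\0';
    f(2, exp, nbits, 3233, &t);
    return t.ops;
}

/* Leakage check: 1 if two same-length exponents give different sequences. */
int trace_depends_on_key(modexp_fn f, uint64_t d1, uint64_t d2, unsigned nbits)
{
    char first[160];
    strcpy(first, trace_of(f, d1, nbits));
    return strcmp(first, trace_of(f, d2, nbits)) != 0;
}

int main(void)
{
    printf("sqmul : %s\n", trace_of(modexp_sqmul, 2753, 12));
    printf("ladder: %s\n", trace_of(modexp_ladder, 2753, 12));
    return 0;
}
```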